Fortigate also create a valid firewall policy to apply its IPS (What is intrusion Prevention System ?) filter, from Wan to Clinet or Wan, and in rules such as Server, the Security Profiles section also processs with defult settings.
Since defult settings have over 7000 (constantly updated) IPS signatures, it would be a better decision to perform IPS filtering according to the rule in order to load less on the device. We can also do this under Intrusion Prevention in the Security Profiles menu. As follows, we can combine the signatures we need by filtering them in detail, such as OS, server, client and application type.
By applying this IPS package to the rule, we contribute to the performance of the device.